This feature prevents HTTP parameter pollution attempts using duplicate parameters with the same type (see above for a list of supported types). For instance, this is the case if the same parameter is added multiple times as a POST parameter.
Join values of duplicate parameters
If enabled, all the different values for a parameter are joined by commas in order of appearance. The aggregate value is then checked against deny rules as if it had been submitted as an original value by the client.